In our world of continuously increasing dependence on technology in our personal and professional lives, the successful implementation of cyber security is becoming more essential than ever. The amount of data emitted by people on a daily basis is immense, and companies like ChoicePoint constantly gather this data. These companies compile data to sell to other entities in order for those organizations to make many business-related conclusions, including decisions related to investing, advertising, and even whether or not to issue credit or insurance to individuals. Companies like ChoicePoint, LexisNexis, and Acxiom garner a lot of power in the business world because they “know” so much about potential customers. However, if a company who holds that power loses control of it as ChoicePoint did, they not only lose credibility with their competitors and prospective clients, but they also put thousands of people at risk for identity theft and other negative ramifications that arise from a security breach of the magnitude that ChoicePoint experienced. According to the article, “Management’s Role in Information Security in a Cyber Economy,” security for an organization’s assets is not a matter of firewalls or biometrics, but rather the implementation of a systemic cyber-security policy that starts with top management and trickles down to every aspect of the organization. This top-down approach helps to ensure that cyber-security is made a part of the organizational culture, and is not just viewed as something the information technology department of the company should be concerned with. Another fact stated by the article is that an organization cannot completely secure their entire collection of assets. It would be impossible for a company to accomplish such a task, so they must accurately identify and categorize their assets to determine what needs to be secured, and what is less important. The organization should then implement a comprehensive policy to define what resources should be expended to insure sufficient security, the actions that need to be taken to maintain a secure organization, and the course of action that should be followed should a security breach occur. In the case of ChoicePoint’s security breach, they attempted to implement a top-down privacy regulation through the reorganization of their company policy relating to fraud detection and cyber security. However, the effort was too-little-too-late following the successful breach by a fraudulent “small business,” which effectively thwarted ChoicePoint’s safeguards and gave outsiders access to their seemingly limitless stockpiles of individuals’ personal information. ChoicePoint was not rigorous enough in their precautions to completely eliminate the chance of an imposter getting into their system the way they did because each and every employee in the company was not trained or instructed on how to detect,